[Git][security-tracker-team/security-tracker][master] Track fixed version for three netty issues fixed via unstable upload
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sat Nov 15 12:08:34 GMT 2025
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7e68ed63 by Salvatore Bonaccorso at 2025-11-15T13:08:02+01:00
Track fixed version for three netty issues fixed via unstable upload
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -9415,7 +9415,7 @@ CVE-2025-59481 (A vulnerability exists in an undisclosed iControl REST and BIG-I
CVE-2025-59478 (When a BIG-IP AFM denial-of-service (DoS) protection profile is config ...)
NOT-FOR-US: F5
CVE-2025-59419 (Netty is an asynchronous, event-driven network application framework. ...)
- - netty <unfixed> (bug #1118282)
+ - netty 1:4.1.48-11 (bug #1118282)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-jq43-27x9-3v86
NOTE: https://github.com/netty/netty/commit/1782e8c2060a244c4d4e6f9d9112d5517ca05120 (netty-4.2.7.Final)
NOTE: https://github.com/netty/netty/commit/2b3fddd3339cde1601f622b9ce5e54c39f24c3f9 (netty-4.1.128.Final)
@@ -26770,7 +26770,7 @@ CVE-2025-58057 (Netty is an asynchronous event-driven network application framew
NOTE: Fixed by: https://github.com/netty/netty/commit/9d804c54ce962408ae6418255a83a13924f7145d (netty-4.2.5.Final)
NOTE: Fixed by: https://github.com/netty/netty/commit/34894ac73b02efefeacd9c0972780b32dc3de04f (netty-4.1.125.Final)
CVE-2025-58056 (Netty is an asynchronous event-driven network application framework fo ...)
- - netty <unfixed> (bug #1113995)
+ - netty 1:4.1.48-11 (bug #1113995)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49
NOTE: https://github.com/netty/netty/issues/15522
NOTE: https://github.com/netty/netty/pull/15611
@@ -33380,7 +33380,7 @@ CVE-2025-55280 (This vulnerability exists in ZKTeco WL20 due to storage of Wi-Fi
CVE-2025-55279 (This vulnerability exists in ZKTeco WL20 due to hard-coded private key ...)
NOT-FOR-US: ZKTeco
CVE-2025-55163 (Netty is an asynchronous, event-driven network application framework. ...)
- - netty <unfixed> (bug #1111105)
+ - netty 1:4.1.48-11 (bug #1111105)
NOTE: https://github.com/netty/netty/security/advisories/GHSA-prj3-ccx8-p6x4
NOTE: Fixed by [1/2]: https://github.com/netty/netty/commit/be53dc3c9acd9af2e20d0c3c07cd77115a594cf1 (netty-4.1.124.Final)
NOTE: Fixed by [2/2]: https://github.com/netty/netty/commit/009bd17b38a39fb1eecf9d22ea8ae8108afaac59 (netty-4.1.124.Final)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e68ed6305027a1c9a33f9ff5f4f03f9b7735fd2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7e68ed6305027a1c9a33f9ff5f4f03f9b7735fd2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251115/69a3681d/attachment.htm>
More information about the debian-security-tracker-commits
mailing list